agent: Also evict cached items via a timer.

* agent/cache.c (agent_cache_housekeeping): New func. * agent/gpg-agent.c (handle_tick): Call it. -- This change mitigates the risk of having cached items in a post mortem dump. GnuPG-bug-id: 3829 Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2018-03-06 16:22:42 +01:00 · 2018-03-06 16:22:42 +01:00 · f060cb5c63
commit f060cb5c63
parent bf43b39c05
4 changed files with 28 additions and 1 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -450,6 +450,7 @@ int agent_clear_passphrase (ctrl_t ctrl,
 /*-- cache.c --*/
 void initialize_module_cache (void);
 void deinitialize_module_cache (void);
+void agent_cache_housekeeping (void);
 void agent_flush_cache (void);
 int agent_put_cache (const char *key, cache_mode_t cache_mode,
                     const char *data, int ttl);
--- a/agent/cache.c
+++ b/agent/cache.c
@ -258,6 +258,26 @@ housekeeping (void)
 }


+void
+agent_cache_housekeeping (void)
+{
+  int res;
+
+  if (DBG_CACHE)
+    log_debug ("agent_cache_housekeeping\n");
+
+  res = npth_mutex_lock (&cache_lock);
+  if (res)
+    log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
+
+  housekeeping ();
+
+  res = npth_mutex_unlock (&cache_lock);
+  if (res)
+    log_fatal ("failed to release cache mutex: %s\n", strerror (res));
+}
+
+
 void
 agent_flush_cache (void)
 {
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -2398,6 +2398,9 @@ handle_tick (void)
    }
 #endif

+  /* Need to check for expired cache entries.  */
+  agent_cache_housekeeping ();
+
  /* Check whether the homedir is still available.  */
  if (!shutdown_pending
      && (!have_homedir_inotify || !reliable_homedir_inotify)
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -403,7 +403,10 @@ control this behavior but this command line option takes precedence.
 Set the time a cache entry is valid to @var{n} seconds.  The default
 is 600 seconds.  Each time a cache entry is accessed, the entry's
 timer is reset.  To set an entry's maximum lifetime, use
-@command{max-cache-ttl}.
+@command{max-cache-ttl}.  Note that a cached passphrase may not
+evicted immediately from memory if no client requests a cache
+operation.  This is due to an internal housekeeping function which is
+only run every few seconds.

@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl